The invention concerns a method for authenticating a software downloaded in a terminal, comprising the following steps: authenticating by certificate said downloaded software by means of a software integrated in said terminal; authenticating by certificate, during execution of said downloaded software, said integrated software by means of an authenticating software module associated with said downloaded software.
|
1. A method for authenticating software downloaded in a terminal, said method comprising:
authenticating, by a first certificate, said downloaded software using a first integrated software in said terminal;
authenticating said first integrated software using an authentication software module associated with said downloaded software during execution of said downloaded software, wherein said first integrated software is authenticated using a second certificate;
Wherein the first integrated software authenticates the downloaded software using an authentication library and the first certificate, wherein the first integrated software and the authentication library form a first part of write-protected memory, and wherein the downloaded software and the first certificated form a second part of loadable memory; and
Wherein the first part of the write-protected memory further comprises the second certificate, wherein the second part of loadable memory further comprises verification software, and wherein, once the downloaded software has been authenticated, the verification software authenticates the first integrated software using the authentication library and the second certificate.
4. A computer system, comprising:
A processor; and
A memory comprising a first part and a second part, wherein the first part is write-protected and the second part is loadable memory,
Wherein the first part comprises a first integrated software, an authentication library, and a second certificate,
Wherein the second part comprises downloaded application software, a first certificate, and a verification software,
Wherein the computer system further comprises integrated software instructions that, when executed by the processor, are configured to:
Authenticate, by the first certificate, said downloaded application software using the first integrated software;
Authenticate said first integrated software using an authentication software module associated with said downloaded application software during execution of said downloaded application software, wherein said first integrated software is authenticated using a second certificate;
Wherein the first integrated software authenticates the downloaded application software using the authentication library and the first certificate; and
Wherein, once the downloaded application software has been authenticated, the verification software authenticates the first integrated software using the authentication library and the second certificate.
2. The method as claimed in
3. The method as claimed in
5. The computer system of
6. The computer system of
|
|||||||||||||||||||||||||||
The invention relates to integrated software and a method of authenticating the latter, in particular in the field of digital television decoders.
In the devices of the prior art, an integrity test of integrated software is normally performed by computing, using an external tool, a reference signature of this software representative of the latter and by inserting the latter into this software. During the software initialization phase, the software computes its own signature and compares this signature with the reference signature. If these signatures are different, the software executes a software routine specific to a defense procedure, otherwise it continues normally.
In the case of an authentication of such software, it is desirable to check the source of the latter. A known solution consists in applying the principle of the integrity test and combining it with an asymmetrical cryptographic algorithm: the reference signature is encrypted with a private key and the result is integrated, in the form of a certificate, in the software. During the checking phase, the reference signature is decrypted with a public key incorporated in the software before being compared to the reference signature.
A first document of the prior art, ETSI standard TS 101 812 V1-1-1 entitled “Digital Video Broadcasting (DVB) Multimedia Home Platform (MHP) Specification 1.0” (2000-07), in particular sections 12.2 and 12.7, describes the implementation of a method of authenticating software downloaded into a terminal by carrying out an authentication by certificate of said downloaded software by means of software integrated in said terminal.
A second document of the prior art, U.S. Pat. No. 6,167,521, describes a method of downloading new software into a system, the purpose of which is to prevent this new downloaded software from attacking software already installed in this system, or, conversely, to prevent the software already installed from attacking the new software, in particular when the respective software owners do not have confidence in each other.
More specifically, to perform a software authentication, the use of software contained in a memory in a first fixed, that is, write-protected, part 10 to authenticate application software of a second part 11, which may have been downloaded, using a certificate 12 located in this second part 11, is known, as illustrated in
Thus, in the decoder field, when a customer seeks out the service provider with new application software, the latter provides him with software for verifying this application software and a certificate to be associated with said application software.
However, in such a solution, there is no way for the provider of the first software to check that the authentication procedure has indeed taken place.
The object of the invention is to enable the provider to check that this authentication has indeed taken place and that his rights have therefore indeed been respected by the customer.
The present invention therefore proposes a method for authenticating software downloaded in a terminal, said method comprising a step for authenticating by certificate said downloaded software by means of software integrated in said terminal, characterized in that it also comprises a step for authenticating by certificate, during execution of said downloaded software, said first integrated software by means of an authentication software module associated with said downloaded software.
Advantageously, the first integrated software authenticates the downloaded software by means of an authentication library and a first certificate; the first integrated software and the authentication library form a first part of write-protected memory, the downloaded software and this first certificate form a second part of loadable memory.
Advantageously, the first part also includes a second certificate, the second part also includes verification software, and, once the downloaded software has been authenticated, the verification software authenticates the first software by means of the authentication library and the second certificate.
Advantageously, these two successive authentications take place on initialization. The second part can be downloaded.
The invention also relates to integrated software comprising a first write-protected memory part formed from first software and an authentication library, and a second part including application software and a first certificate, characterized in that the first part also includes a second certificate, and in that the second part also includes verification software.
This software can be used, for example, in a digital television decoder, in a PC (personal computer) type terminal, or in any other integrated device.
In the method of the invention, as in the method of the prior art illustrated in
Since the term “certificate” has a quite particular meaning (an electronic identity which is issued by a trusted third party for a person or a network entity, each certificate being signed with the private signature key of a certification authority) and is too limiting in the authentication techniques, the term “certificate” used in the present description is meant to cover also, more generally, the terms signature, CRC or other data required to verify the authenticity/integrity of software.
In the method of the invention, the first part 10 also includes a second certificate 13, as illustrated in
Such a method enables the supplier of the first software to check that the customer using the application software does indeed respect his rights.
In an exemplary embodiment, the format of the certificate, illustrated in
The 1024-bit signature begins with a byte at 0 to enable its RSA encryption, the rest 20 is filled randomly in a different way before each encryption.
At the offset H_CODE_OFFSET from the start of the message, there is a hash code SHA1 on 20 bytes. This H_CODE is preceded by a CHECK_PATTERN pattern, the function of which is to enable distinction between a wrong decryption (public key number or value, algorithm, inconsistent certificate) and a wrong H_CODE during the integrity check.
Sarfati, Jean-Claude, Chau, Hervé
| Patent | Priority | Assignee | Title |
| 7644287, | Jul 29 2004 | Microsoft Technology Licensing, LLC | Portion-level in-memory module authentication |
| 7698562, | Dec 18 2003 | Panasonic Corporation | Authenticated program execution method |
| 7831838, | Mar 05 2004 | Microsoft Technology Licensing, LLC | Portion-level in-memory module authentication |
| 8060749, | Dec 18 2003 | Panasonic Corporation | Authenticated program execution method |
| 8086862, | Dec 18 2003 | Panasonic Corporation | Program data file storage method in broadcast receiver and broadcast receiver |
| 8341422, | Sep 18 2003 | Apple Inc. | Method and apparatus for incremental code signing |
| 8364965, | Mar 15 2006 | Apple Inc | Optimized integrity verification procedures |
| 8880897, | Sep 18 2003 | Apple Inc. | Method and apparatus for incremental code signing |
| 8886947, | Mar 15 2006 | Apple Inc. | Optimized integrity verification procedures |
| 9672350, | Mar 04 2008 | Apple Inc | System and method of authorizing execution of software code based on at least one installed profile |
| Patent | Priority | Assignee | Title |
| 6675201, | Mar 03 1999 | Nokia Corporation | Method for downloading software from server to terminal |
| 6901518, | Apr 08 1999 | Oracle America, Inc | Method and system for establishing trust in downloaded proxy code |
| EP770957, | |||
| EP1033652, | |||
| WO64178, | |||
| WO2061557, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Oct 02 2003 | Thomson Licensing | (assignment on the face of the patent) | / | |||
| Dec 04 2005 | CHAU, HERVE | Thomson Licensing | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 017464 | /0708 | |
| Dec 13 2005 | SARFATI, JEAN-CLAUDE | Thomson Licensing | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 017464 | /0708 | |
| Jul 30 2018 | Thomson Licensing | INTERDIGITAL CE PATENT HOLDINGS | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 047332 | /0511 | |
| Jul 30 2018 | Thomson Licensing | INTERDIGITAL CE PATENT HOLDINGS, SAS | CORRECTIVE ASSIGNMENT TO CORRECT THE RECEIVING PARTY NAME FROM INTERDIGITAL CE PATENT HOLDINGS TO INTERDIGITAL CE PATENT HOLDINGS, SAS PREVIOUSLY RECORDED AT REEL: 47332 FRAME: 511 ASSIGNOR S HEREBY CONFIRMS THE ASSIGNMENT | 066703 | /0509 |
| Date | Maintenance Fee Events |
| Sep 06 2011 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
| Sep 09 2015 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
| Oct 03 2019 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
| Date | Maintenance Schedule |
| Apr 08 2011 | 4 years fee payment window open |
| Oct 08 2011 | 6 months grace period start (w surcharge) |
| Apr 08 2012 | patent expiry (for year 4) |
| Apr 08 2014 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Apr 08 2015 | 8 years fee payment window open |
| Oct 08 2015 | 6 months grace period start (w surcharge) |
| Apr 08 2016 | patent expiry (for year 8) |
| Apr 08 2018 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Apr 08 2019 | 12 years fee payment window open |
| Oct 08 2019 | 6 months grace period start (w surcharge) |
| Apr 08 2020 | patent expiry (for year 12) |
| Apr 08 2022 | 2 years to revive unintentionally abandoned end. (for year 12) |